BANDAR SUNWAY – WISE AI is proud to be featured in one of the cover stories from Digital Edge — The Edge Malaysia!
Our senior technological advisor Thillai Raj, shares his thoughts on the current state of data privacy laws in Malaysia, shaped by years of experience working as the ex-CTO of MIMOS Bhd. His key message: The state of technology (and businesses built on top of them) is moving so rapidly that legislation has yet to keep up.
“The current Personal Data Protection Act (PDPA) policies only apply to commercial transactions and do not apply to personal data that is processed outside of Malaysia,” says Thillai.
“So, when companies collect sensitive health data, such as your height and weight, the number of steps you took today, or even if you have diabetes, the data being stored on your fitness watch does not matter to the PDPA.”
There are three key problems identified in the current state of data privacy legislation:
At WISE AI, we believe that Data governance is more than just lip service, but a fundamental concept for any tech company involved in data-related work — especially for sensitive personal data.
A single data breach or ransomware attack could jeopardise a company’s reputation that was painstakingly built across decades. Handling data without a backup copy can be detrimental to the entire company’s operations in an outage — definitely not worth the few bucks saved from data storage costs.
Data governance concepts should be ingrained into the company from the ground up, and have touchpoints in the people, process and technology aspects of the business. Employees should be properly trained on what they can and cannot do with sensitive data. There also needs to be proper chains of accountability when data is handed from one party to another.
For existing companies, it may be difficult to revamp the company’s operations around new and unfamiliar data processes. For that, Thillai recommends the Data Management Body of Knowledge (DMBOK), a collection of best practices and common vernacular used to manage data across an enterprise.
It contains detailed descriptions of the end-to-end process of proper data management practices, from data security management to data quality management, and even how metadata is organised and stored.